what you don't know can hurt you
Showing 1 - 13 of 13 RSS Feed

CVE-2016-9606

Status Candidate

Overview

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Related Files

Red Hat Security Advisory 2018-2913-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2913-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.1.0 serves as an update to Red Hat Decision Manager 7.0.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a Yaml unmarshalling vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | c4738e9bd1c97638aee3b2ceb5f51c97
Red Hat Security Advisory 2018-2909-01
Posted Oct 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2909-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.1.0 serves as an update to Red Hat Process Automation Manager 7.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include Yaml unmarshalling that is vulnerable to remote code execution.

tags | advisory, remote, code execution
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | 3de3d48898e63d003c45598a07f940b1
Red Hat Security Advisory 2017-1676-01
Posted Jul 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1676-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.4.4 serves as a replacement for Red Hat JBoss BRMS 6.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-9606, CVE-2017-5929
MD5 | 4c50bdfaca9f2dfe4036b3ed2dce799b
Red Hat Security Advisory 2017-1675-01
Posted Jul 4, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1675-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.4.4 serves as a replacement for Red Hat JBoss BPM Suite 6.4.3, and includes bug fixes and enhancements. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-6346, CVE-2016-9606, CVE-2017-5929
MD5 | e2a3fcbf5ce7674e93c998afd2949970
Red Hat Security Advisory 2017-1409-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1409-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670
MD5 | 7af8232e8cf016b9e7b0d7b784ab0895
Red Hat Security Advisory 2017-1411-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1411-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670
MD5 | 0062fcbddb7f4979136a4d6c93b0feae
Red Hat Security Advisory 2017-1412-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1412-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.6.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-9606, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670
MD5 | d0bedea67c6fdc5cd045105320a52100
Red Hat Security Advisory 2017-1410-01
Posted Jun 7, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1410-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.0.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606, CVE-2017-2595, CVE-2017-2666, CVE-2017-2670
MD5 | 94a50a29559ac107f7345cd025e0baa6
Red Hat Security Advisory 2017-1256-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1256-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | 07ee9a5b8db1b3db8e2bef4397864fea
Red Hat Security Advisory 2017-1253-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1253-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | a229d6f00fd67bdb7bb016bd0d7d571f
Red Hat Security Advisory 2017-1255-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1255-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | 60c3b7069ffc5b30cddf4ee0b24c322b
Red Hat Security Advisory 2017-1260-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1260-01 - The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.15. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | 8aefeb178d366c568e0a82041b59ad74
Red Hat Security Advisory 2017-1254-01
Posted May 19, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1254-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.15 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.14, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2016-9606
MD5 | fdef0c14ce8875975e041e5068ff009b
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close